1. Deploy a hybrid DR topology for an on-premises database
  2. Copy the Password and Wallet Files to the Cloud

Copy the Password and Wallet Files to the Cloud

Copy the password and wallet files from the primary database to the standby in Oracle Cloud Infrastructure.

Get the Database Name and Verify the Wallet

Get the unique database name and the Oracle System ID (SID) for the Oracle Cloud Infrastructure (OCI) instance and verify the wallet location.

The database names should be the same for the on-premises database and the database system on OCI.
  1. In OCI, get the Unique Database Name and SID.
    The ORACLE_UNQNAME is the current db_unique_name for the OCI database system. The ORACLE_SID is the ONPREMSID. In this example, the Oracle SID is ORCLCDB. 
    env | grep ORA
  2. Check the location of the on-premises Wallet file by executing a SQL command.
    select * from V$ENCRYPTION_WALLET;
  3. Note the wallet location for the standby database in OCI. You'll need this for a later step.
     /opt/oracle/dcs/commonstore/wallets/tde/ORACLE_UNQNAME/

    For example, the wallet on OCI:

    $ ls -lrt
total 20
-rw------- 1 oracle oinstall 2555 Aug 27 06:32 ewallet_2020082706324337.p12
-rw------- 1 oracle oinstall 5467 Aug 27 06:32 ewallet.p12
-rw------- 1 oracle oinstall 5512 Aug 27 06:32 cwallet.sso

    For example, the on-premises wallet location:

    bash-4.2$ pwd
/opt/oracle/admin/ORCLCDB/xdb_wallet
bash-4.2$ ls -lrt
total 8
-rw-------. 1 oracle oinstall 3835 Aug 27 02:23 ewallet.p12
-rw-------. 1 oracle oinstall 3880 Aug 27 02:23 cwallet.sso

Remove the Data Files from the OCI Instance

Remove the data files from the Oracle Cloud Infrastructure (OCI) instance.

  1. On the OCI instance, create a script to remove the data files.
    The following is an example script: 
    SQL> set heading off linesize 999 pagesize 0 feedback off trimspool on
SQL> spool /tmp/files.lst
SQL> select 'asmcmd rm '||name from v$datafile union all select 'asmcmd rm '||name from v$tempfile union all select 'asmcmd rm '||member from 	v$logfile;
SQL> spool off
SQL> create pfile='/tmp/ ORACLE_UNQNAME.pfile' from spfile;         
SQL> exit
  2. As sysdba, use the command shutdown immediate to close, unmount, and shutdown the standby database on OCI.
    SQL> shutdown immediate
  3. In the /tmp directory, open the files.lst file and remove lines a. and b. to remove the data files.
    a.   SQL> select 'asmcmd rm '||name from v$datafile union all select 'asmcmd rm '||name from v$tempfile union all select 'asmcmd rm '||member from v$logfile;
b.   SQL> spool off
c.   If you don’t have ASM disks, then you will have to remove ALL the asmcmd command from the files.lst else the database files won't be deleted.
d.   Chmod 777 /tmp/files.lst
e.   Save and Execute the Script. $ ./tmp/files.lst
f.   All files for the starter database have now been removed.

Copy the Password to the Standby Database

Copy the password file from the on-premises database to the standby database host by using the IP addresses to open an SSH tunnel between the bastion host and the target database host.

  1. Tunnel to your standby database instance from your local host through the bastion host and copy the password file.
    The password file is located in the following directory: $ORACLE_HOME/dbs/orapwORACLE_SID.
    In the following example, replace id_rsa with your SSH keys and use the IP address of your bastion host and Oracle Cloud Infrastructure (OCI) database node. 
    scp -i ~/Keys/id_rsa -o ProxyCommand="ssh -i ~/Keys/id_rsa -W %h:%p opc@IP_address_of_your_bastion_host" orapwORACLE_SID opc@IP address of your OCI DB Node:~/tmp
  2. Save the copied file to the standby database instance in OCI.
    sudo cp orapwORACLE_SID /u01/app/oracle/product/19.0.0/dbhome_1/dbs/
  3. Run the command md5sum on the on-premises and OCI file orapwORACLE_SID and verify that they have the same fingerprint.
    md5sum /u01/app/oracle/product/19.0.0/dbhome_1/dbs/orapwORACLE_SID

Copy the Wallet Files to the Standby Database

Copy the password wallet to the /home/oracle/ directory on the standby database host in Oracle Cloud Infrastructure (OCI) by using the IP addresses to open an SSH tunnel between the bastion host and the standby database host.

  1. Locate the wallet in the on-premises host and make the wallet files readable, writable, and executable by everyone.
    cd /opt/oracle/admin/$ORCLSID/wallet
    In this example, the wallet contains two files: ewallet.p12 and cwallet.sso. Make both files readable, writable, and executable by everyone by using the chmod 777 command.
  2. On the OCI DB Host, verify that the $ORACLE_HOME/network/admin/sqlnet.ora file contains the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora. 
    ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE) (METHOD_DATA=(DIRECTORY=/opt/oracle/dcs/commonstore/wallets/tde/$ORACLE_UNQNAME)))
  3. Copy the wallet file to the OCI DB Host in the /tmp folder using the tunnel command.
    ~/Keys/id_rsa : Replace it with your Ssh keys
192.0.2.254: IP address of your bastion host.
10.10.30.2: IP address of your OCI DB Node.

scp -i ~/Keys/id_rsa -o ProxyCommand="ssh -i ~/Keys/id_rsa -W %h:%p opc@192.0.2.254" ewallet.p12 opc@10.10.30.2:/tmp/

scp -i ~/Keys/id_rsa -o ProxyCommand="ssh -i ~/Keys/id_rsa -W %h:%p opc@192.0.2.254" cwallet.sso opc@10.10.30.2:/tmp/
  4. Remove the existing wallet files from the OCI DB Host in the /opt/oracle/dcs/commonstore/wallets/tde/$ORACLE_UNQNAME directory.
  5. As the OPC user (not the Oracle user) on the OCI host, make the wallet files readable, writable, and executable by everyone.
    chmod 777 /tmp/ewallet.p12
chmod 777 /tmp/cwallet.sso
  6. Copy the wallet files from the /tmp folder to /opt/oracle/dcs/commonstore/wallets/tde/$ORACLE_UNQNAME.